Threat Hunting Operations Playbook: Field Guide
RCCE students will learn proactive threat hunting methodologies, including hypothesis-driven, data-driven, and intelligence-driven hunting, as well as hunt team operations. They will learn to develop threat hunting hypotheses based on MITRE ATT&CK techniques, design hunting queries across SIEM, EDR, and network data, identify indicators of compromise and attacker behavioral patterns, distinguish normal from anomalous activity in complex environments, document and share hunting findings, convert successful hunts into automated detections, and build threat hunting programs that continuously improve organizational detection capabilities. This operations-focused course delivers production-ready playbooks, checklists, and standard operating procedures. Building on core knowledge, students will learn to build repeatable day-to-day operational workflows that ensure consistency and quality, and they receive templates and frameworks they can customize and deploy immediately in their security operations, reducing time to operational effectiveness.
- SOC Analysts and Incident Responders
- Detection Engineers and SIEM Content Authors
- Threat Hunters improving adversary coverage
- Security Operations Team Leads
- Professionals implementing the Threat Hunting Operations Playbook: Field Guide
- Execute hands-on tasks for the hardening operations playbook
- Execute hands-on tasks for field guide
- Execute hands-on tasks for advanced cyber defense mastery
- Explain Executive Overview fundamentals
- Execute hands-on tasks for why hardening matters — covering 85% of breaches exploit.
- Execute hands-on tasks for core definitions
- Execute hands-on tasks for endpoint hardening
- Execute hands-on tasks for attack surface
- Execute hands-on tasks for baseline image
- Design a scalable privilege management architecture with policy and enforcement
- Execute hands-on tasks for firmware & secure boot
- Execute hands-on tasks for application whitelisting
| Module | Title |
|---|---|
| Module 01 | Hardening Operations Playbook |
| Module 02 | Field Guide |
| Module 03 | Advanced Cyber Defense Mastery |
| Module 04 | Executive Overview |
| Module 05 | Why Hardening Matters |
| Module 06 | Core Definitions |
| Module 07 | Endpoint Hardening |
| Module 08 | Attack Surface |
| Module 09 | Baseline Image |
| Module 10 | Endpoint Hardening Architecture |
| Module 11 | Firmware & Secure Boot |
| Module 12 | Application Whitelisting |
| Module 13 | Defender ATP |
| Module 14 | Unnecessary Service Removal |
All hands-on labs run on Rocheston Rose X OS. Students practice the Threat Hunting Operations Playbook: Field Guide material by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for the hardening operations playbook
- Lab 2: Execute hands-on tasks for field guide
- Lab 3: Execute hands-on tasks for advanced cyber defense mastery
- Lab 4: Explain Executive Overview fundamentals
- Lab 5: Execute hands-on tasks for why hardening matters
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Threat Hunting Operations Playbook: Field Guide, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI